User Contributed Notes 14 notes

the idea is never to give out file names, line numbers, and cryptic codes to the user. Use trigger_error() after you used set_error_handler() to register your own callback function which either logs or emails the error codes to you, and echo a simple friendly message to the user.

And turn on a more verbose error handler function when you need to debug your scripts. In my init.php scripts I always have:

For those of you wanting one (or more) lines of context on your call to trigger_error, I offer this. Would be nice to use \n to get a proper stack trace, but it seems trigger_error escapes it; therefore, I use a comma.

i recently began using a custom error handling class. the biggest problem is that, with call time pass by reference deprecated, you can't manipulate the error handler class after assigning at as the error handler (and it appears not to be returned by the set_error_handler method as the old error handler). my goal was to be able to store up all my non-fatal errors and print them at the end of script execution. that way i can use 'trigger_error' (which i actually have wrapped in a static method ErrorHandler::throwException for portability purposes... which is a pain because it always has the same line number information!!) for all kinds of errors, including user input erros. so when i check a user's password, for instance i would trigger a warning that said 'incorrect password'. of course i would only want this to print out the error once the script had completed.

switch ($errno) { //if the error was fatal, then add the error //display an error page and exit case ErrorHandler::FATAL(): $this->setType('Fatal'); $this->addError($error_message); Display::errorPage($this->errorMessages()); exit(1); break; //if it was an error message, add a message of //type error case ErrorHandler::ERROR(): $this->setType('Error'); $this->addError($error_message); break; //if it was a warning, add a message of type //warning case ErrorHandler::WARNING(): $this->setType('Warning'); $this->addError($error_message); break; //if it was some other code then display all //the error messages that were added default: Display::errorRows($this->errorMessages()); break; } //return a value so that the script will continue //execution return 1;}

the key part there is the 'default' behaviour. i found that if i call trigger_error with anything other than E_USER_ERROR, E_USER_WARNING or E_USER_NOTICE, then error code '2' is passed to the handler method. so when it is time to print all my non-fatal errors, like 'password and confirm password don't match' or something, i call ErrorHandler::printAllErrors()

function printAllErrors() { trigger_error("",2); }

which leads to the default behaviour in my switch statement in the assignError method above. the only problem with this is that the weird bug 'Problem with method call' that occurs with some static method calls (that one person on the bug lists said was fixed and another said wouldn't be fixed until version 5) also produces error code 2!! i have just taken to suppressing these errors with @, because despite the alledged problem with the method call, the script still seems to execute fine.

Error 1: ""Error 2: "failed to open stream: No such file or directory"

This behaviour is consistent with the description of $php_errormsg, which says that the variable will only be available within the scope in which the error occurred. The problem can be worked around with a custom error handler like the one below. However, I'm undecided whether changing the language in this way is good:

For those of you looking to use your own file or line number in the error (possibly using debug_backtrace()) instead of the ones created by trigger_error(), here is a solution:Create a custom function to handle E_USER_ERRORs that simply outputs the error type and message, while excluding the line number and file trigger_error() reports. You may also configure it to handle user warnings and notices if necessary (I did in the example below).

function trigger_my_error($message, $level) {//Get the caller of the calling function and details about it$callee = next(debug_backtrace());//Trigger appropriate errortrigger_error($message.' in <strong>'.$callee['file'].'</strong> on line <strong>'.$callee['line'].'</strong>', $level);}

It actually turns out - at least on PHP 5.2.6 on XAMPP (Windows) that for the custom error handler, you will need to set $errorType as the first parameter, and only the second parameter as $message, i.e. in reverse order compared to how the manual states it now.

When you use trigger_error with your own error handler, the class instances are destroyed (don't know how to say it better, I am not an expert).

So, if you try to call a class function from within the error handler function, you will get 'Call to a member function on a non-object' error, even if this function works perfectly in the rest of your script.

Solution : re-use the xxx = new yyy to re-create the instance in the beginning of your error handler ... and then you can call the class functions you want !

I am not so familiar with this but I think you can reach some of the functionality of try..catch with this function. I would disagree or correct the previous note. The @ is not the catch, it sets the error_reporting to 0 tempolary but with set_error_handler you can try to imitate some behavior like catch.I've just made this to try if it possible, I never tried in projects but I think could work in php 4. Actually if you want to have the Trace of the error you need to use php4.3+.Maybe not many of you will create new scripts in php4 and try to have some features from php5 but in some cases (extending older projects) this could be better error handling.

If this is a wrong approach, waiting for comments, if its not, use it!

// Try $GLOBALS['throw'] = null; // ...try...$sheis = badgirl(); //could be @badgirl, display_errors is something else, this just the handling// ..tryif($GLOBALS['throw']){ // This actually catch re-throws too... switch($GLOBALS['throw']){ // Catch case 'GoodGirlException': die('No bad girl today!'); break; case 'BadGirlWithError': die('Bad girl has some error'); break; default: return; // or you can make another trigger_error and re-throw another 'exception' or some other action }}echo "You will never see this line - @ only supress message, not a control flow";echo "Wrong! You could see this:)";

Well this is a good way on debuging your php scripts, but i wouldn't feeltoo comfortable by giving out my web servers structure.Notice that what helps you finding and isolating errors in your php helps also a potential attacker.Or maybe i am just paranoid, but its worth mention it.

We wanted to be able to pass an SQL query to the error handler on our site so we could monitor SQL problems, you cant do this through normal methods so we came up with this bridge script that 100% works